bitmask-dev.git/src/leap/bitmask/vpn/helpers/linux/bitmask-root, branch 0.10.6 [bitmask-dev] [pkg] add snap openvpn to bitmask-root 2018-03-02T02:54:18+00:00 Kali Kaneko kali@leap.se 2018-03-01T12:30:17+00:00 ba2a5cefe99eba802476a57fe282226af5a53a09 






[feat] hardcode tcp4 in vpn connections
2018-01-25T00:19:11+00:00

Kali Kaneko
kali@leap.se

2018-01-16T22:40:42+00:00

a57c73e33f4937a5050f76ca5224e88801db4afe

for now, we'll be hardcoding tcp as a more reliable alternative, no
matter what the provider announces.

explicitely specifying ipv4 should fix the case in which vpn fails to
start because ipv6 is disabled.

-Resolves: #9181, #9129





for now, we'll be hardcoding tcp as a more reliable alternative, no
matter what the provider announces.

explicitely specifying ipv4 should fix the case in which vpn fails to
start because ipv6 is disabled.

-Resolves: #9181, #9129







[bug] fix the systemctl run
2018-01-16T16:58:59+00:00

Ruben Pollan
meskio@sindominio.net

2018-01-16T16:58:59+00:00

cb1b9e06e3062035df19d9c0812bef7a98bcc51f












[feat] bump bitmask-root version
2018-01-12T10:05:07+00:00

Ruben Pollan
meskio@sindominio.net

2018-01-12T10:05:07+00:00

a351693bc2e13c31352b46d54689618a1606342f












Add Qubes DNS support, fixes
2018-01-12T10:02:58+00:00

Christopher Laprise
tasket@protonmail.com

2017-12-31T12:45:22+00:00

a57a5191216f22718995dad4062243a39fd69626












Add anti-leak rules for qubes-firewall
2018-01-12T10:01:21+00:00

Christopher Laprise
tasket@protonmail.com

2017-12-30T20:36:49+00:00

4da63fae464086d786eaf67d9effdb70d8131a18












[bug] fix issues with dns resolution with systemd-resolved
2018-01-09T21:10:53+00:00

Ruben Pollan
meskio@sindominio.net

2018-01-09T19:49:17+00:00

799f16d85e569755dc7284a4f3d44878b4116d47

In ubuntu 17.10 some changes with systemd-resolved broke our firewall,
blocking all DNS queries. The masquerade rules in the firewall, that
are used to rewrite the source IP address of the DNS queries, were
wrongly modifying the queries to systemd-resolved.

Let's apply masquerade only to the packets addressed to the nameserver.

- Resolves: #9137





In ubuntu 17.10 some changes with systemd-resolved broke our firewall,
blocking all DNS queries. The masquerade rules in the firewall, that
are used to rewrite the source IP address of the DNS queries, were
wrongly modifying the queries to systemd-resolved.

Let's apply masquerade only to the packets addressed to the nameserver.

- Resolves: #9137







[feat] try other gateways if the main one fails
2018-01-08T19:06:34+00:00

Ruben Pollan
meskio@sindominio.net

2018-01-08T17:01:07+00:00

776447a9c03d969928b8fb124738969ebf265ca0

Removing '--persist-ip' param on openvpn it will try to connect to a
different gateway if the first one fails. This means, that in case of
network disconnection for some minutes bitmask will keep rotating
between the different gateways and one the network comes back it will
not connect anymore to the first one, but to the one that was trying at
this moment.

- Resolves: #9188





Removing '--persist-ip' param on openvpn it will try to connect to a
different gateway if the first one fails. This means, that in case of
network disconnection for some minutes bitmask will keep rotating
between the different gateways and one the network comes back it will
not connect anymore to the first one, but to the one that was trying at
this moment.

- Resolves: #9188







[doc] add note about expected paths to bitmask-root itself
2017-12-21T22:34:06+00:00

Kali Kaneko
kali@leap.se

2017-12-21T22:34:02+00:00

89c45faec3db095f2f0e2adb6da133106e9e4f14

I should remember this change when we merge elijah's fix again.
Hopefully that happens soon enough.





I should remember this change when we merge elijah's fix again.
Hopefully that happens soon enough.







[bug] temporarily revert dnsmasq firewall fix
2017-12-21T22:27:23+00:00

Kali Kaneko
kali@leap.se

2017-12-21T22:27:23+00:00

ed88df3d8ddc80d6ef1914c93e429d3e1e1f152a

It has been reported that, after this fix, dns leaks happen under some
circumstances not yet clear. Preparing for a release, we have decided to
revert this change until the problem can be properly triaged.

This means a broken vpn aartful support for the time being, but a
 non-leaking master.

https://0xacab.org/leap/bitmask-dev/issues/9137

- Related: #9137





It has been reported that, after this fix, dns leaks happen under some
circumstances not yet clear. Preparing for a release, we have decided to
revert this change until the problem can be properly triaged.

This means a broken vpn aartful support for the time being, but a
 non-leaking master.

https://0xacab.org/leap/bitmask-dev/issues/9137

- Related: #9137